Update and Discussions on Technology Initiatives TSAG Meeting 4/11/02.


Announcements:
- Webmail caching problems:
  - Log out of webmail, and
  - Close the web browser
- Webmail Sorting Criteria:
- Limiting SMTP Vulnerabilities (4/15/02 -> 4/20/02)
- Unification of Majordomo, Vacation, and Campus Account (5/6/02)
- DNS Naming and cleanup (coming!)

Topics for Today
- Wireless Network Update (Will Trask)
- Active-Directory Testing Update (Ed Stark)
- Network Access Control
- Desktop and Server Standards
  - Supported OS (Tim Boyle)
  - Required Software
  - Desktop Security "Best Practices" (Caleb Fahey)

Goal for Network Access Control
- Reduce the amount of SPAM mail
- Reduce exposure to copyright infringement
- Reduce exposure to DOS attacks
- Increase bandwidth to campus community
- Increase the integrity of inter- and intra-campus network communications
- Increase productivity of all by not dealing with SPAM and other such attacks
- To address the LARGE number of current system vulnerabilities!

Approach to Network Security
- Steps to Improve Security:
  - Security Assessment
  - Education (and immediate remedies)
  - Policy Generation
- Network Policies:
  - Today: Anyone at any time from any location can physically connect any server to the Network.
  - Future?
- Paradigms:
  - Allow all, deny exceptions
  - Deny all, allow exceptions

Current Snapshot
Internet Services housed at CSUN:
- AFS and NFS:
- Kerberos: 41
- Jet Direct: 586
- pcanywhere: 19
- Flexlm: 744
- netbios-ssn: 2279
- loc-srv: 2069
- svrloc: 433
- ldap: 82
- ldaps: 636
- http/s ( (MGMT) 80 (proxy)): 557
- ftp: 648
- telnet: 793
- ssh: 221

Totals:
- Number of Servers: 2703
- Number of Ports:
- Number of Ports < 1024: 13527

Activities to Address Vulnerabilities:
- Attack problem in levels
- First step: Focus on campus/internet boundary
  - Reduce the number of entry points to campus
  - Reduce the number of exit points to campus
- Move towards authenticated and encrypted protocols and applications, e.g., https, ssh
- Focus on prominent vulnerabilities, e.g., mail protocols:
  - smtp (142 => ~16)
  - pop2, pop3, imap2 (155)

Tasks and Next Steps?
- ACLs deployed for several colleges/units and for several protocols (snmp, smtp!)
- Provide information on:
  - Deployed servers on campus
  - Required inbound ports for servers
  - Required outbound ports for servers
- Block all inbound traffic to non-servers (date?)
- Block all unwanted traffic to servers (date?)
- Recommend and then deploy SSH client (date?)
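
The two paradigms from the "Approach to Network Security" slide, applied to the server and required-inbound-port information this slide asks for. This is an added example, not part of the original presentation: the inventory, the RFC 5737 addresses, the sample flows and all function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

ANY = ip_network("0.0.0.0/0")

# Constructed inventory: server address -> required inbound ports.
# Addresses are RFC 5737 documentation space; none come from the slides.
INVENTORY = {
    "192.0.2.10": {25},        # mail relay (smtp)
    "192.0.2.20": {80, 443},   # web server (http/https)
    "192.0.2.30": {22},        # login host (ssh)
}
RESTRICTED = {25, 161}         # smtp and snmp, the protocols already under ACLs

def allow_all_deny_exceptions():
    """Filter only restricted ports: approved servers pass, others are denied, the rest is open."""
    acl = [("permit", ip_network(a), p) for a, ports in INVENTORY.items()
           for p in sorted(ports & RESTRICTED)]
    acl += [("deny", ANY, p) for p in sorted(RESTRICTED)]
    return acl + [("permit", ANY, None)]

def deny_all_allow_exceptions():
    """Permit only inventoried (server, port) pairs, then deny everything else."""
    acl = [("permit", ip_network(a), p) for a, ports in INVENTORY.items()
           for p in sorted(ports)]
    return acl + [("deny", ANY, None)]

def decide(acl, dst, port):
    """First matching rule wins, as in a router access list."""
    for action, net, rule_port in acl:
        if ip_address(dst) in net and rule_port in (None, port):
            return action
    return "deny"  # implicit deny when no rule matches

def unintended_exposure(acl, flows):
    """Flows the ACL permits although the inventory does not require them."""
    return [(d, p) for d, p in flows
            if decide(acl, d, p) == "permit" and p not in INVENTORY.get(d, set())]

# Constructed inbound flows (destination, port) arriving at the campus border.
FLOWS = [
    ("192.0.2.10", 25),    # smtp to the approved relay
    ("192.0.2.77", 25),    # smtp to a desktop running a stray mail daemon
    ("192.0.2.77", 23),    # telnet to the same desktop
    ("192.0.2.20", 21),    # ftp to the web server (not a required port)
]

if __name__ == "__main__":
    for build in (allow_all_deny_exceptions, deny_all_allow_exceptions):
        print(build.__name__, unintended_exposure(build(), FLOWS))
```

Both rule sets stop SMTP to the unapproved host, but only the deny-by-default list also closes the services nobody listed.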

Desktop and Server Standards
Goals:
- To educate the campus and the IT staffs on the needs for appropriate security controls
- To collaboratively define and implement these controls, which will result in
  - improved security for the campus computing infrastructure
  - reduced work load for the technical staffs
  - increased productivity of the end users
- To ensure that local autonomy/flexibility is retained via the local IT units

Standards Should Include
- Operating Systems (Tim Boyle)
- Administrator Access and Passwords
- Software requirements?
  - Secure Shell
  - Antivirus software
- Mail Server Standards?
  - Antivirus Filter
  - Authenticated SMTP and IMAP
  - Directory Aware
- Shutdown Policy (ITR Internal Draft)

ITR’s Top Five Practices for NT Administration
1. Eliminate well-known accounts: administrator, guest,
2. Only administrators should have administrator privileges
3. Provide a separate and unique administration account for each administrator
   Naming convention should be a_
4. All desktops must require login passwords and must enable screen savers
5. Default login name on login prompt should be blank